[olug] HeadsUP - StartSSL.com root certificate change in Firefox

Rob Townley rob.townley at gmail.com
Wed Oct 26 22:20:39 CDT 2016

Not sure if there will be a time period or not where firefox will simply
not trust StartSSL at all until the next Firefox version
​​.  That is one problem.  A bigger problem for most of us is if your
website uses StartSSL.com certificates, you would have to renew them based
on the new StartCOM root CA.  StartCOM is forced to generated new ROOT
certificate authorities, not just intermediate CAs.  The notice does not
seem to appear until after one authenticates with their certificate.  Since
certificate authentication is often a challenge, i am posting the notice
here in verbatim.

> *​   ​*
> *Mozilla decided to distrust all StartCom root certificates as of 21st of
> October, this situation will have an impact in the upcoming release of
> Firefox in January. StartCom will provide an interim solution soon and will
> replace all the issued certificates from that date in case of requested.
> Meanwhile StartCom is updating all their systems and will generate new root
> CAs as requested by Mozilla.*

More information about the OLUG mailing list